Navigant's Cyber Risk and Information Security Practice


3 Common Cyber Security Mistakes

17 March 2015

Academia, Financial Services, Healthcare, IT Security, Non-Profit, Risk Management

Managing the many elements within an organization’s cyber security ecosystem can be overwhelming for executives in any industry. From properly configuring the network infrastructure to writing and implementing a sound mobile device management policy, keeping data secure is becoming more and more difficult and requires input from every department. Here are three mistakes that are commonly overlooked in organizations:

1. Charging Cell Phones Through Laptop USB Ports
When outlets are not easily accessible, it’s common for employees to use the USB port on their laptop to charge their cell phones. However, malware hidden in today’s trendy apps and games can give hackers access to employees’ phones. When employees plug their phones into their laptops, the malware can then be transferred to the computer, giving bad actors access to your files.

Risk of this type of breach can be limited by educating employees on the dangers of charging their phones through the USB ports of their laptops and by writing strict policies to restrict such use. For employees who would like to sync their computers with their phones, many applications have wireless syncing capabilities, which allow the convenience without the threat of a breach.

2. Failing to Follow Data Breach Reporting Laws
When an organization is breached, there is often a crisis management scramble, and reporting laws differ from state to state. Most importantly, organizations need to follow the reporting laws based on the residency of their breached clients, not just the company location. For example, if a company in Maryland with clients in Virginia, New York, and Pennsylvania is breached and its clients’ data is exposed, the company is subject to the reporting laws of each state in which its breached clients reside.

Managing the different state reporting laws can be difficult, especially for organizations that serve clients nationwide. It is important to know the states in which your clients live and become familiar with those reporting laws so that you are ready to act in the event of a breach. Here is a helpful link to the different state reporting laws.

3. Assuming IT Personnel Are Security Specialists
Until a few years ago, IT personnel were focused on keeping organization devices running smoothly and efficiently. Now, data security has become part of their job description. It is important that executives understand the differences between an IT Specialist and an IT Security Specialist and manage their expectations accordingly.

Since cyber security is not solely a technical problem, it is also important not to put the entire burden on your IT Director. By placing security responsibilities with IT, HR, Finance, and other departments, the overwhelming topic becomes more manageable and cohesive.

There are many other tips and pitfalls to look out for. For a more extensive list, take a look at our “Cyber Security Best Practices” guide or contact us to schedule a call.

 

